Monday, June 15, 2009

To Run Or Not To Run?

I had a post awhile back in which I stated I don’t run Antivirus software and don’t get infected. Someone wanted to know how I do this and what steps I take to prevent virus from getting to me. It’s not really all that hard and just takes a little bit of your time to set up your PC so it is more secure and the most important part it takes just COMMON sense. Now before someone asks “how do you know your not infected if you don’t have antivirus software?” It’s simple to anyone who has ever dealt with Malware, your PC does things it never did before and nags you about things it never did before. Trust me you know when you’re infect, your PC is just plain flakey. Have I ever had a virus? Of course. But since I’ve done what follows and gotten smarter about computers I haven’t had a virus in years.

Why don’t I use anti virus software? I don’t like the impact it has on the performance of my PC. I’m a Power user and extract ever last cycle of the CPU to get the maximum performance out of it. The last thing I want is some software hampering the hardware I spent good money on slowing my system down. Plus I see no need to pay for something to protect me from myself. That is not to say all this type of software is bad. Some have less impact then others. It also has it’s place if you have kids who use your PC which is all the more reason to do the following and use anti virus software.

Disclaimer: If you don’t feel comfortable making any of these changes by all means don’t and keep using what is working for you. But if on the other hand you have had to deal with the Pain In The Ass virus/spyware then give these sound principles some thought.

First thing is patch patch patch. Turn on Windows Update and use it. If you don’t set it to install automatic updates at least set it to notify you of updates. This way you can go through the list of what Microsoft wants to install and choose accordingly. For the most part there is no reason to not install these updates. The first Tuesday of every month is Patch Tuesday. Microsoft issues patches every month at this time and sometime more often then that with what is termed “zero day flaws” where a new bug is found and patched quickly if it is a major hole.    

The next and best thing you can do is stop using your everyday Desktop in the Administrator account profile. By default this is the account created the first time you fire up your new computer. I’m not going to get into why Microsoft still thinks this is the way to do it but it needs to be changed. So the first thing you do is create a new user for you, and anyone else that will be using this PC for that matter, and give that account “Limited User” status. This is easily done by going in to Control Panel and adding a New User and following the prompts. Once this is done Log In with your STRONG PASSWORD using that account. There really is no reason to run as the Administrator unless there’s a real reason you need to be in the guts of the system. Unless you are a Power User and, even if your are, you can do everything you need to for the most part using this type of account. If you are a Power User you have no need to read any further because you already know as much or more then me already.

Several things happen when this is done. First is it isolates the “root” (read guts) of the system from the user which causes the system to start asking questions. The bad part about this is you start to see more Nag windows. The good part is you start to see more Nag windows asking for permission to change something. If you’ve done something on purpose to cause these Nag pop ups, like installing software, then you can be pretty confident that the changes you are about to make are ones you asked it to make. On the other hand if out of the blue these Nag window popped up chances are this is something you didn’t ask your PC to do and something else is trying to make the change which has the risk of being bad. Think. Did I ask my PC to do this?

The down side to this is it does take some time to get to where the system stops asking questions and stops bothering you. The up side is you learn more about what you system is trying to do and you can make proper and informed decisions accordingly. You learn when to expect these Nag windows so when they pop up out the blue it should make you raise an eyebrow and take notice. If you’ve had your system running for sometime using the Administrator account it can and will be a major pain for awhile. You will have to “import” and change a lot of your personal settings to get it back to where you were. The up side is all users can now have a system set to the way they like to use it instead the way one user has it set. All users now have there own desktop, favorites, email accounts and so on.

The simple rule here is did you do something that is calling for the change to the system? If you didn’t stop, think, read, decide.

Another common way to get infected is via email which I’m sure we’re all aware of. Here again some simple tips can save you hours of grief. Consider signing up and using a free Web based email service like Hot Mail or Yahoo or similar services. I’ve got a Excite account that I’ve had for years that I use for junk. Anytime I go to some web site that wants me to sign up and create an account that needs to send an “authorization” email to I always give this address. I don’t care how much spam this account gets since to be honest that is what it’s job is. The only time I log in to that account is when I’m looking for that email from that place. This keeps my “real” personal email address from being exposed and or sold to spammers. Can you guess how much spam I get in my real account? Yup zero, zip, zilch, nada. That Excite account on the other hand is full of it daily and I couldn’t be happier. The added bonus to this is it stops infected attachments form auto-executing in my inbox. Can you believe there was an email in this account the other day with the subject line “Open and Install the Attached File.” Believe it or not people are stupid enough to do that. Just say NO to spam. Never click a link, never click “unsubscribe to this email” because all that does is inform that in fact this is a valid email address. Another advantage of using Web based email is you can get your email from any web connect PC.

On the subject of email and attachments. Between this and using file sharing services is the simplest and quickest way to get infected second only to rouge web sites which I will get to shortly. Be leery of any and all of them. If you have someone who likes to send you funny pictures all the time chances are they are safe. There was a time when a JPEG file was one of the last safe files to open without worry, not so anymore. Just because it looks like a friend sent it doesn’t mean they did. If you have any doubt send them an email and ask then if they sent it. If it is a file type they don’t send normally then be on high alert. When I want to send a file to a friend I always send a quick email first to tell them to be looking for XX type of file.

Here is the beauty of running with a limited user account. Say you did just open that email and it was infected. What do you suppose your system is going to do? Yup it’s going to pop up a Nag window. Did you expect it to do this? For the most part you are not going to be looking at changing system files by just opening a file. So if the pop up is asking to open a program on your system to view it chances are good this was expected. But on the other hand it it wants to install something before it will allow you to view the files it’s not a good thing.

While on the subject of sending emails I got to get this pet peeve out here. Want to know the fastest way to get on fasthair’s shit list? Forward me an email with my email address in the “To” line instead of the BCC, Blind Carbon Copy and send it to everyone in your address book that I don’t know. And if you forward me a chain letter asking to find this lost kid or the like this way I’ll get real pissy quick!!! Hey I like a good laugh as the much as the next guy but just send it using BCC and Copy and Paste the funny part in a new email. I refuse to click through 20 forwarded emails just to see a photo of some dumb shit. This is email etiquette 101 and helps protect you and all of your friends email from spam botz. OK rant over, back to our a regular programming.

This type of attack is getting more and more common and even fooling friends that I know know better. The “drive by” attack. You’re cruising the web and all of sudden you get a pop up that says something to the affect of “A virus has been detected on your PC. Click here to clean your system.” For the love of God don’t do it because the only virus on your system is the one they are about to drop on your system. Your system is going to try and save you and pop up a Nag window because of this install trying to get into your system. But since you think this is something you need to do you will click Yes. This gets back to did you really expect this to happen? The only time you want to click Yes on the web is when you expect it to download or install something. Examples of this is you are a trusted site and it wants to install an add on or download a file. By trusted I mean some site like Harley Davidson’s web site or Microsoft and the like. If you are some place you’ve never been before beware. These add ons are mostly Active X type of add on which are a major security headache. Unless you have a specific need to run these add ons don’t.

Lastly I think this goes without saying but stay off the webs Red Light district. Red Light sites include porn, file sharing and warez (hacked software) sites. File sharing and warez sites are full of malware and you’re asking for trouble. If you must view these sites make and use a User Account that has no rights to install anything! Those “click here to install the viewer” are nothing but trouble. Consider these sites like you would AIDS. Nuff said?

So in review:

  • Patch your system.
  • Run with Limited User account and use Administrator account only when you must.
  • Use Web email for all but your most personal and trusted email friends.
  • Stay out of the Webs Red Light distinct. If you must go there use a even further restricted User type of accounts and DO run AV software.
  • Use common sense. If your system is asking to do something did you do something you expected to see this type warning?

These are five simple easy steps to help protect and secure your system while still getting the performance you paid for out of your system.



Dean "D-Day" said...

All good advice.
Thanks for the reminders.

Stacy said...

Great tips, Fasthair. Like you, I don't run any AV software on my machine. I'd like to add a couple tips of my own, if I may.

- Use Firefox. This is more than just a matter of preference. Microsoft often takes forever to patch known vulnerabilities; Firefox often has issues patched within 24 hours.

- Get a firewall and USE IT. Software firewalls such as Zone Alarm are all right, but somewhat annoying to learn and configure.

I prefer the firewall that comes with my wireless router. This prevents "drive-by" attacks that occur when the bad guys scan every IP address in a range. In layman's terms, that like burglars trying every front door in your neighborhood looking for the one that's unlocked. Don't be the house that's unlocked. :)

fasthair said...

Mr. Dean: You're welcome. Just simple stuff that only takes a bit of time and cost nothing while not impacting your system performance.

Ms. Stacy: All comments and advice welcome and you gave some solid ones. As far as a software firewall like Zone Alarm goes, the one built in to Windows works pretty good. I know ZA and used it in the past and yes it can be a real pain to set up. But it cost money and all of these tips cost noting. But I agree completely any firewall is better then none. A hardware firewall like your router is best. These devices make your system look like they are not connected to the 'Net at all giving a stealth look to port scanners. If you have an always on broadband connection I feel a router is a must even if you are not sharing your connection with other PCs in the house.

Great tips Stacy thanks for adding them!


Arizona Harley Dude said...

Thanks for the tips. There are a couple I don't do, but I am tired of paying $60 a year for Windows Live One Care.

Ann said...

Great tips, fasthair. We have pop-up and virus trouble a lot. We may have to try your tips. Thanks.

Big Daddy said...

Damn !
I thought you were texting from the road and trying to decide a split descision....can I outrun them or not? ;]

mq01 said...

fasthair, great info, thank you. matter of fact i even discussed this with my office it guy, and he agreed... :)

fasthair said...

Mr. AHD: Some good and bad news for you. First the bad, Live Care as you may or may not know has been been discontinued by MS. The good is MS has rolled out in Beta testing right now a anti-virus product that is getting very good reviews and the best part is it will be free!!! Not sure of the time line when you will see Microsoft Security Essentials.

Ms. Ann: I think you will find it you just change the User account type to a Limited user a lot of your problems will go away. Like I said this will make the system ask you to change things which will help you keep things at bay. And tell Big D to stop downloading porn

Big D: Like my daddy use to say before he left this shitty world... (can you name the movie that line is from?) "you may be able to out run the car but you can't out run the radio."

Ms. M: Nice to hear this. I learn this stuff by reading papers written by IT type guys. This is all such simple to do easy stuff that has been "common" knowledge for years but the average person doesn't know this because no one has ever told them.


irondad said...

I learned a couple of things. Setting up a limited user account was something I hadn't thought of. I used to have Norton and it killed me how much of my resources it used up. Glad to know I could get away with no anti-virus software.

What about spyware from "innocent" sites? Do you run software from someplace live Lavasoft? I'm not seeing how to prevent that kind of thing otherwise. Probably just me!